eduroam

 

eduroam, (education roaming) is a secure worldwide-­federated network access service developed for the international research and education community.

Since Tufts University subscribes to the eduroam service, when you visit a participating institution, you are provided encrypted network access without the need to get guest credentials on arrival. Tufts' study abroad students, faculty, and staff can join thousands of eduroam hotspots without the disruption or costs associated with traditional third-party data connection. Depending on local policies at the visited institutions, eduroam participants may also have additional resources (for example printers) at their disposal.

Visiting Tufts? Select Tufts_Guest wireless from the list of available networks.

Traveling away from Tufts? Check the International service locator or the US Institution service locator

  1. While on campus at the participating institution, select eduroam from the list of available networks.
  2. Sign in by entering your Tufts Username in the form of TuftsUsername@tufts.edu
    Correct: jjumbo01@tufts.edu
    Incorrect: jjumbo01
  3. Enter your Tufts Password to complete login.

International eduroam locations National eduroam locations

Additional Connectivity Information

In order to connect to eduroam, the network adapter must support WPA2 and MSCHAPv2. The user will also need to enter their Tufts Username and Tufts Password when prompted for a user name and password.

Frequently Asked Questions answered by eduroam

What is eduroam?

eduroam (education roaming) allows users (researchers, teachers, students, staff) from participating institutions to securely access the Internet from any eduroam­?enabled institution. The eduroam principle is based on the fact that the user's authentication is done by the user's home institution, whereas the authorization decision allowing access to the network resources is done by the visited network.
I am a student / researcher / professor, can I use eduroam? As an end user you will only be able to use eduroam if the institution you visit offers eduroam service. You will need to have a valid Tufts Username and Tufts Password in order to user this service at the remote site.Traveling away from Tufts? Check the International service locator or the US Institution service locator. Visiting Tufts? Select Tufts_Guest wireless from the list of available networks.
What does eduroam cost? eduroam is free for its users, there is no charge for eduroam use world-­wide. The providers of eduroam hotspots make the service available to benefit all members of the research and education community.
Can a public WiFi provider offer eduroam?

eduroam separates the concepts of authentication (identity providers) and hotspots (service providers) allowing public, commercial or city wifi initiatives to offer eduroam in addition to research and education institutions.

What commercial entities cannot do is become identity providers and offer a service to their customers that will work with eduroam. so any partnership with a commercial wifi service needs to respect that users of this hotspot cannot be charged for accessing the network.

How does eduroam work? When a user tries to log on to the wireless network of a visited eduroam-enabled institution, the user's authentication request is sent to the user's home institution. This is done via a hierarchical system of RADIUS servers. The user's home institution verifies the user's credentials and sends to the visited institution (via the RADIUS servers) the result of such a  verification.
What technology does eduroam use?

In eduroam, communication between the access point and the user's home institution is based on IEEE 802.1X standard; 802.1X encompasses the use of EAP, the Extensible Authentication Protocol, which allows for different authentication methods. Depending on the type of EAP method used, either a secure tunnel will be established from the user's computer to his home institution through which the actual authentication information (username/password etc.) will be carried (EAP-TTLS or PEAP), or mutual authentication by public X.509 certificates, which is not vulnerable to eavesdropping, will be used (EAP-­TLS).

Is eduroam safe to use? eduroam is based on the most secure encryption and authentication standards in existence today. Its security by far exceeds typical commercial hotspots. Be aware though that when using the general Internet at an eduroam hotspot, the local site security measures at that hotspot will apply to you as well. For example, the firewall settings at the visited place may be different from those you are used to at home, and as a guest you may have access to fewer services on the Internet than you have at home.
Does eduroam use a captive portal for authentication?

No. Web Portal, Captive Portal or Splash-­Screen based authentication mechanisms are not a secure way of accepting eduroam credentials, even if the website is protected by an HTTPS secure connection. The distributed nature of eduroam would mean that many different pages, languages and layouts would be presented to eduroam users making it impossible to distinguish between legitimate and bogus sites (even a consistent layout can be mimicked by an adversary).

eduroam requires the use of 802.1x which provides end-­to-­end encryption to ensure that your private user credentials are only available to your home institution. The certificate of your home institution is the only point you need to trust regardless of who operates any intermediate infrastructure. Web portals require you to trust their infrastructure as they receive your password in clear text, this breaks the end-to-­end encryption tenets of eduroam.

Does eduroam work on different platforms? eduroam uses open standards to enable cross platform uniform access. This means that eduroam works on Windows, Linux, MAC OS, and even Windows CE and many mobile devices.